The Single Post Exporter WordPress plugin up to and including 1.1.1 does not have CSRF checks when saving its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
single post exporter project single post exporter |